Hero Banner

Microsoft Partner Network

Where Microsoft's CSP, MSP, SI, and ISV partners seek new opportunities and learn from each other


More GDPR leaders needed! Help customers navigate the GDPR journey.

”Helping partners build GDPR practices is critical. I have prioritized this as a key accountability for the One Commercial Partner teams so customers can progress more quickly on their journey toward [General Data Protection Regulation] compliance with the best levels of partner support.”

Gavriella Schuster, Corporate Vice President, One Commercial Partner


GDPR enforcement has begun. It’s an important milestone for our partners, who are out front and center with customers supporting their digital transformation.

Today (May 25), Alym Rayani, Director of Microsoft 365, will highlight our commitment to GDPR in a webcast titled Safeguarding individual privacy rights with the Microsoft cloud. Register here.


Partner offerings around GDPR typically pivot into 4 different areas:

1. Advisory services. GDPR compliance requires more than technology implementation. Customers may also need help with changing internal processes.

For example, Microsoft partner EY believes GDPR is an integrated exercise set within each firm’s privacy risk management framework. Their holistic approach supports compliance of the most visible obligations of the GDPR, including records of processing activities and data subject rights fulfillment. EY also sees GDPR as an opportunity for companies to address challenges broader than compliance, specifically data governance and user experience of privacy.

Not all partners provide advisory services, but these services are in high demand from customers to meet compliance. If you have clients that need consulting or legal help, and that’s not your company’s specialty, we recommend using partners with this expertise; the list below is a good starting point.


 2. Discovery and assessment services. Many partners use education and gap analysis to drive awareness about the GDPR, especially with non-European customers. Our GDPR Foundations Training is available and an ideal way to introduce the basics with a 45-minute or half-day session. Assessment tools such as the Microsoft GDPR Detailed Assessment (available in five languages) identify gaps and create a multi-year plan to improve customer compliance.

Oxford Computer Group gives customers a service that evaluates their data security and privacy posture against industry standards for security governance and management. Their service provides ongoing improvement and visibility of customers’ posture with continual assessment, surfacing remediation recommendations, and the option of implementation and support services.  

”We’re listening. The Microsoft 365 engineering team is regularly in touch with partners to get feedback so we can continue to provide the capabilities customers and partners are looking for.”

 — Rudra Mitra, Partner Director of Program Management, Office 365


 3. Deployment and implementation services. As part of their GDPR compliance journey, companies are often reviewing their data practices and engaging in data hygiene exercises. They need to find data, optimize processes, and implement the right solutions to meet regulatory requirements.

Deployment and implementation partners use technology and expertise to make it real for customers. To support these partners, we have the Data Discovery Toolkit.

Lighthouse’s legal and technology experts work together to help customers with their GDPR compliance obligations. In addition to offering advisory services, they help customers implement Microsoft technologies with a roadmap based on recommended services, technology, and support. They also drive customers to adopt new processes and technologies.


4. GDPR managed services. While today (May 25) marks the date that GDPR takes effect, ensuring ongoing compliance will require continuous attention and action. In response, many partners have added managed services for GDPR and use Microsoft Compliance Manager and capabilities such as data subject requests to help customers.

Three Netherlands partners, Audittrail, Mavim and Motion10, used their unique skill sets to create a joint GDPR offering under the name of “5.25”. They believe the only sustainable solution to GDPR is taking an all-inclusive approach. Audittrail assesses, manages, and controls internal customer processes, Mavin translates that into architecture, and Motion10 configures customer IT systems to meet GDPR objectives and offers a future-proof solution to help customers stay compliant. 

“GDPR is the most significant privacy law enacted in a generation. Microsoft is fully committed to GDPR and to helping enable solutions for our customers and partners on their GDPR compliance journey.”

 — Julie Brill, Corporate Vice President and Deputy General Counsel



  1. Don’t miss our GDPR webcast: Register here
  1. Top GDPR Resources for Partners: Resources
  1. Build your Security & Compliance Practice: Resources